a11dfbf5eaa8a8016c3e5b37917295ff_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a11dfbf5eaa8a8016c3e5b37917295ff_JaffaCakes118
Size

2.4MB
MD5

a11dfbf5eaa8a8016c3e5b37917295ff
SHA1

9c56c50f024d0c30d65fecc21d0606d13e150fc4
SHA256

c01d3627e75521e6a8596bbb12f63111878429b5ac4aec18a1b113645f4759f9
SHA512

788892d0e36d1139345ae7e12be6446f84f1d9598e3f07d06d5828d0f294210c4a97c4fae4339e7f8e4e2870dc40641a97bae9f48d7962988f5a0b0aec6d008e
SSDEEP

49152:0+RZpVJqANpiLXIJasTQ3qmWKF6w4M+huMv3zyW5j1KttISDL5i2iyPwf:0+RZp9NpJTTQ6JJEwjyW7KttISDLkyPg

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 8 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/plugin/BGKM5.dll	acprotect
static1/unpack001/plugin/BkgndColor.dll	acprotect
static1/unpack001/plugin/Console.dll	acprotect
static1/unpack001/plugin/DBSoft.dll	acprotect
static1/unpack001/plugin/File.dll	acprotect
static1/unpack001/plugin/GetSysInfo.dll	acprotect
static1/unpack001/plugin/Memory.dll	acprotect
static1/unpack001/plugin/Window.dll	acprotect

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/plugin/BGKM5.dll	upx
static1/unpack001/plugin/BkgndColor.dll	upx
static1/unpack001/plugin/Console.dll	upx
static1/unpack001/plugin/DBSoft.dll	upx
static1/unpack001/plugin/File.dll	upx
static1/unpack001/plugin/GetSysInfo.dll	upx
static1/unpack001/plugin/Memory.dll	upx
static1/unpack001/plugin/Window.dll	upx

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
unpack001/plugin/BGKM5.dll
unpack001/plugin/BkgndColor.dll
unpack003/out.upx
unpack001/plugin/Console.dll
unpack004/out.upx
unpack001/plugin/DBSoft.dll
unpack005/out.upx
unpack001/plugin/File.dll
unpack006/out.upx
unpack001/plugin/GetSysInfo.dll
unpack007/out.upx
unpack001/plugin/Memory.dll
unpack008/out.upx
unpack001/plugin/Window.dll
unpack009/out.upx
unpack001/plugin/darkblue.dll
unpack001/plugin/playsound.dll
unpack001/小小问道90环3.18.exe

Files

a11dfbf5eaa8a8016c3e5b37917295ff_JaffaCakes118
.rar
plugin/BGKM5.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetCommand
GetCommandCount
GetFormatVersion
GetPluginDescription

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
plugin/BkgndColor.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Console.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 894B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/DBSoft.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 356KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 368KB - Virtual size: 366KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/File.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/GetSysInfo.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 870B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Memory.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Window.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/darkblue.dll
.dll regsvr32 windows:4 windows x86 arch:x86

065db78516eb07d5b893d73d4ea92cdb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
ord694
__vbaFreeVar
__vbaAptOffset
__vbaLenBstr
__vbaGosubReturn
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaError
__vbaBoolErrVar
__vbaLsetFixstr
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
__vbaVargVarCopy
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaCyErrVar
ord592
__vbaExitProc
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaForEachCollVar
__vbaStrFixstr
__vbaBoolVarNull
_CIsin
__vbaErase
ord631
__vbaVarCmpGt
__vbaVargVarMove
__vbaChkstk
__vbaGosubFree
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaAryConstruct2
__vbaVarTstEq
__vbaDateR8
ord561
__vbaNextEachCollVar
__vbaI2I4
DllFunctionCall
__vbaVarOr
ord563
__vbaFpUI1
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
Zombie_GetTypeInfoCount
__vbaRedim
__vbaUI1ErrVar
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaStrUI1
__vbaExceptHandler
ord712
__vbaStrToUnicode
__vbaR4ErrVar
ord606
_adj_fprem
_adj_fdivr_m64
__vbaR8ErrVar
ord607
ord608
__vbaFPException
ord717
__vbaInStrVar
ord319
__vbaUbound
__vbaStrVarVal
__vbaGetOwner3
__vbaVarCat
__vbaGetOwner4
__vbaDateVar
__vbaI2Var
ord644
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaNew2
ord648
ord570
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaVarCmpLt
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord578
__vbaVarTstNe
ord101
ord102
__vbaI4Var
ord103
__vbaVarCmpEq
ord104
ord105
__vbaAryLock
__vbaVarAdd
ord320
__vbaVarDup
__vbaStrComp
__vbaStrToAnsi
ord321
ord616
__vbaVarCopy
ord617
_CIatan
__vbaI2ErrVar
__vbaAryCopy
__vbaCastObj
__vbaStrMove
__vbaStrVarCopy
ord619
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaI4ErrVar
__vbaFreeStr
__vbaFreeObj
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/darkblue.ini
plugin/playsound.dll
.dll regsvr32 windows:4 windows x86 arch:x86

ea19399f6e96d517b5a76fc60242b115

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
ord694
__vbaFreeVar
__vbaAptOffset
__vbaLenBstr
__vbaGosubReturn
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaError
__vbaBoolErrVar
__vbaLsetFixstr
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
__vbaVargVarCopy
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaCyErrVar
ord592
__vbaExitProc
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaForEachCollVar
__vbaStrFixstr
__vbaBoolVarNull
_CIsin
__vbaErase
ord631
__vbaVarCmpGt
__vbaVargVarMove
__vbaChkstk
__vbaGosubFree
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaAryConstruct2
__vbaVarTstEq
__vbaDateR8
ord561
__vbaNextEachCollVar
__vbaI2I4
DllFunctionCall
__vbaVarOr
ord563
__vbaFpUI1
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
Zombie_GetTypeInfoCount
__vbaRedim
__vbaUI1ErrVar
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaStrUI1
__vbaExceptHandler
ord712
__vbaStrToUnicode
__vbaR4ErrVar
ord606
_adj_fprem
_adj_fdivr_m64
__vbaR8ErrVar
ord607
ord608
__vbaFPException
ord717
__vbaInStrVar
ord319
__vbaUbound
__vbaStrVarVal
__vbaGetOwner3
__vbaVarCat
__vbaGetOwner4
__vbaDateVar
__vbaI2Var
ord644
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaNew2
ord648
ord570
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaVarCmpLt
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord578
__vbaVarTstNe
ord101
ord102
__vbaI4Var
ord103
__vbaVarCmpEq
ord104
ord105
__vbaAryLock
__vbaVarAdd
ord320
__vbaVarDup
__vbaStrComp
__vbaStrToAnsi
ord321
ord616
__vbaVarCopy
ord617
_CIatan
__vbaI2ErrVar
__vbaAryCopy
__vbaCastObj
__vbaStrMove
__vbaStrVarCopy
ord619
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaI4ErrVar
__vbaFreeStr
__vbaFreeObj
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/playsound.ini
小小问道90环3.18.exe
.exe windows:4 windows x86 arch:x86

b803eb351323174642ae2e608caa4c59

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord807
ord2920
ord2012
ord2120
ord554
ord4163
ord1644
ord1146
ord5572
ord2919
ord939
ord940
ord941
ord5787
ord4133
ord4297
ord1621
ord4202
ord5856
ord536
ord2452
ord2753
ord1195
ord472
ord5161
ord5162
ord5160
ord4905
ord4742
ord4976
ord4948
ord4358
ord4377
ord4854
ord5287
ord4835
ord491
ord1907
ord4258
ord489
ord768
ord283
ord4478
ord4267
ord2450
ord1908
ord4406
ord3729
ord1690
ord2528
ord5288
ord4439
ord2054
ord4431
ord771
ord804
ord4259
ord4284
ord6242
ord4715
ord2370
ord6334
ord2575
ord4396
ord3574
ord609
ord801
ord2862
ord3996
ord922
ord1199
ord3302
ord2817
ord5829
ord3726
ord541
ord2065
ord3716
ord790
ord2301
ord2358
ord6111
ord926
ord1168
ord2642
ord3610
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord656
ord809
ord556
ord5053
ord4774
ord5981
ord6270
ord3874
ord613
ord289
ord2122
ord6358
ord1088
ord6197
ord6380
ord3698
ord765
ord1768
ord2086
ord6883
ord711
ord398
ord413
ord700
ord6307
ord913
ord4167
ord521
ord1158
ord4189
ord6153
ord5645
ord5583
ord6385
ord2393
ord5710
ord3790
ord6283
ord6282
ord2784
ord4278
ord3089
ord2860
ord3797
ord1200
ord6569
ord6648
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord617
ord5214
ord296
ord2621
ord1134
ord2820
ord348
ord663
ord498
ord755
ord470
ord5637
ord3092
ord5849
ord3475
ord4287
ord2109
ord1008
ord6930
ord6928
ord4476
ord284
ord6453
ord6407
ord798
ord5194
ord533
ord1188
ord6663
ord1988
ord4242
ord5030
ord2244
ord4457
ord4981
ord4499
ord1949
ord4034
ord539
ord5860
ord2408
ord2096
ord1175
ord5785
ord2405
ord323
ord1640
ord6194
ord640
ord3619
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord5789
ord5873
ord6172
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord537
ord5759
ord2971
ord5953
ord1871
ord4694
ord5148
ord3138
ord683
ord2243
ord3226
ord3631
ord2765
ord1085
ord802
ord2726
ord817
ord565
ord1641
ord2614
ord5788
ord2567
ord2414
ord5683
ord4277
ord2763
ord4129
ord5875
ord3626
ord3693
ord3573
ord3571
ord2859
ord5606
ord2863
ord4083
ord6142
ord2438
ord3654
ord2584
ord4220
ord1862
ord500
ord3701
ord772
ord1574
ord1099
ord686
ord384
ord2379
ord4710
ord4160
ord2818
ord4234
ord2302
ord324
ord641
ord795
ord3721
ord3402
ord3597
ord4425
ord5280
ord1775
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord6394
ord6383
ord5715
ord4699
ord5303
ord5440
ord1948
ord559
ord5610
ord1576
ord5862
ord6144
ord812
ord542
ord5834
ord2044
ord1572
ord844
ord2448
ord6876
ord462
ord1770
ord861
ord5500
ord6354
ord6929
ord1106
ord743
ord446
ord4003
ord2486
ord4226
ord290
ord2623
ord614
ord1799
ord6927
ord5620
ord415
ord715
ord403
ord1969
ord2454
ord3939
ord404
ord273
ord603
ord703
ord5861
ord6143
ord6662
ord353
ord6874
ord1601
ord2136
ord3528
ord3005
ord3803
ord4123
ord2380
ord1232
ord1270
ord682
ord4400
ord1844
ord4124
ord2099
ord2112
ord859
ord5450
ord6199
ord6880
ord6215
ord389
ord5207
ord2764
ord690
ord6877
ord5290
ord2107
ord3811
ord535
ord860
ord551
ord354
ord5186
ord665
ord3318
ord5442
ord1979
ord1105
ord858
ord924
ord2915
ord823
ord2841
ord825
ord4299
ord3752
ord6128
ord783
ord567
ord540
ord2864
ord2124
ord818
ord3663
ord3742
ord4424
ord4627
ord4080
ord3079
ord3825
ord692
ord3639
ord4401
ord2581
ord4219
ord2024
ord2413
ord6366
ord1771
ord3711
ord2089
ord6605
ord6442
ord3021
ord955
ord6905
ord3293
ord6907
ord3998
ord6007
ord3286
ord6762
ord6654
ord3301
ord2754
ord5781
ord3706
ord6696
ord693
ord3640
ord4402
ord2582
ord3370
ord4243
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord4275
ord800
ord2135

msvcrt

mbstowcs
srand
time
__CxxFrameHandler
_mbscmp
rand
free
malloc
wcscpy
wcslen
_ftol
_itoa
_strnicmp
_getch
memmove
fclose
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_stricmp
qsort
_mbsicmp
_mbstok
fprintf
printf
_tempnam
isxdigit
rewind
ftell
toupper
isprint
calloc
_purecall
wcsstr
_wcslwr
_CxxThrowException
strrchr
??8type_info@@QBEHABV0@@Z
_setmbcp
_onexit
__dllonexit
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
tolower
strncmp
isupper
islower
sscanf
strncpy
fgets
_splitpath
exit
fputc
fgetc
fseek
_mbsstr
strstr
strchr
isalpha
isdigit
sprintf
atol
_mbsnbcpy
atoi
fopen
fread
fwrite

kernel32

GetFileInformationByHandle
WriteFile
SystemTimeToFileTime
GetLocalTime
GetTickCount
InterlockedCompareExchange
GetUserDefaultLCID
GetStringTypeExA
LCMapStringA
GetSystemInfo
VirtualFree
SetFileTime
LocalFileTimeToFileTime
SetFilePointer
LocalFree
GetStartupInfoA
InterlockedExchange
PulseEvent
TerminateProcess
GetCurrentProcessId
MoveFileA
CreateFileMappingA
SetCurrentDirectoryA
SetFileAttributesA
GetPrivateProfileStringA
GetTempPathA
GetModuleHandleA
GetCommandLineA
GetProcAddress
CreateFileA
DeviceIoControl
lstrcatA
WinExec
lstrcpyA
GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
lstrcpynA
GetProcessHeap
HeapAlloc
HeapFree
CreateThread
WaitForSingleObject
GetExitCodeThread
GetLastError
CreateEventA
CloseHandle
Sleep
CreateDirectoryA
CreateProcessA
GetCurrentProcess
SetPriorityClass
WritePrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetCPInfo
lstrlenW
lstrlenA
GetVersion
GetVersionExA
GetSystemDirectoryA
DeleteFileA
WideCharToMultiByte
MultiByteToWideChar
VirtualProtect
CopyFileA
GetTempFileNameA
IsDebuggerPresent
GetModuleFileNameA
SetEvent
ResumeThread
SuspendThread
Beep
ResetEvent
OutputDebugStringA
GetCurrentThreadId
ReadProcessMemory
OpenProcess
SetLastError
GetACP
InterlockedDecrement
InterlockedIncrement
GlobalFree
ReadFile
GlobalAlloc
GetFileSize
LocalAlloc
FormatMessageA
GetCurrentThread
SetEnvironmentVariableA
UnmapViewOfFile
MapViewOfFile
IsDBCSLeadByte
GlobalUnlock
GlobalLock
GlobalSize
GlobalReAlloc
SetUnhandledExceptionFilter
Module32Next
Module32First
CreateToolhelp32Snapshot
VirtualQuery
SleepEx
TerminateThread
FileTimeToSystemTime
GetCurrentDirectoryA
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

RedrawWindow
GetParent
GetWindowRect
IsWindow
EnableWindow
GetMenuItemInfoA
DrawEdge
FillRect
CopyRect
GetSysColor
RegisterWindowMessageA
IsRectEmpty
GetFocus
UpdateWindow
LockWindowUpdate
BringWindowToTop
DefWindowProcA
GetClassInfoA
DrawFrameControl
ShowScrollBar
LoadMenuA
MapVirtualKeyA
SetCursorPos
ClipCursor
GetForegroundWindow
GetWindowThreadProcessId
GetAsyncKeyState
SendInput
MessageBoxA
RegisterHotKey
KillTimer
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetWindowDC
PostMessageA
keybd_event
CheckMenuItem
GetCapture
GetKeyState
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
LoadStringA
SystemParametersInfoA
DestroyIcon
DrawIconEx
ReleaseDC
DrawTextA
GetDC
GetSystemMetrics
AppendMenuA
GetMenuItemCount
ModifyMenuA
GetMenuState
GetMenuItemID
CreatePopupMenu
CreateMenu
GetMenuStringA
GetSysColorBrush
UnregisterHotKey
SetTimer
LoadBitmapA
GetSubMenu
TabbedTextOutA
GrayStringA
SendMessageA
PostQuitMessage
DestroyCursor
GetActiveWindow
GetDesktopWindow
InvalidateRect
GetGUIThreadInfo
SetRect
GetCursorPos
ScreenToClient
IsIconic
DrawIcon
LoadIconA
GetWindowLongA
IsMenu
GetNextDlgTabItem
PostThreadMessageA
LoadCursorA
CopyIcon
SetWindowLongA
PtInRect
ReleaseCapture
SetCapture
wsprintfA
SetForegroundWindow
SetActiveWindow
LoadImageA
GetIconInfo
DrawStateA
GetClientRect
FrameRect
InflateRect
OffsetRect
DrawFocusRect
ClientToScreen
WindowFromPoint
SetCursor
MessageBoxA

gdi32

GetTextExtentPoint32W
DeleteObject
BitBlt
GetTextExtentPoint32A
CreateDIBSection
SetPixel
CreateCompatibleBitmap
Ellipse
DeleteDC
CreateRectRgn
GetCurrentObject
GetBkColor
GetDeviceCaps
CreateDCA
GetDIBits
SelectObject
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreatePen
GetBkMode
SetDIBits
CreateBitmap
SetBkColor
SetTextColor
GetStockObject
Escape
Rectangle
ExtTextOutA
TextOutA
RectVisible
PtVisible
PatBlt
GetObjectA
GetPixel

advapi32

OpenSCManagerA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegQueryValueA
ControlService
StartServiceA
OpenServiceA
DeleteService
RegCloseKey
CreateServiceA
CloseServiceHandle
RegOpenKeyA
RegCreateKeyA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA

shell32

ShellExecuteExA
Shell_NotifyIconA
ShellExecuteA

comctl32

ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Draw

ole32

CoCreateInstance
CoInitialize
ProgIDFromCLSID
CoUninitialize
StgOpenStorage
OleRun

msvcp60

?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0logic_error@std@@QAE@ABV01@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?_Xlen@std@@YAXXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?what@logic_error@std@@UBEPBDXZ
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_7logic_error@std@@6B@
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1runtime_error@std@@UAE@XZ
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_7runtime_error@std@@6B@
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0runtime_error@std@@QAE@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Ostd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Nstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IID@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?_Doraise@runtime_error@std@@MBEXXZ
?what@runtime_error@std@@UBEPBDXZ
??1logic_error@std@@UAE@XZ
??0bad_exception@std@@QAE@ABV01@@Z
??1bad_exception@std@@UAE@XZ
??_7bad_exception@std@@6B@
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z

shlwapi

SHDeleteKeyA

ws2_32

ntohs
ntohl
htonl
WSAGetLastError
setsockopt
WSASocketA
closesocket
WSAWaitForMultipleEvents
WSAEventSelect
shutdown
WSARecv
WSAEnumNetworkEvents
WSASend
WSAConnect
inet_addr
inet_ntoa
gethostbyname
htons

wininet

InternetSetOptionA

oleaut32

GetErrorInfo
LoadTypeLi
VariantClear
VariantCopy
VariantInit
SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen
SysAllocStringByteLen

winmm

PlaySoundA
timeGetTime

Exports

Exports

P�J��g�0A3�<�Ȱ��;�ӎG��[j�֯M� @jC��)�Š�|�+��3��v�F4H�߿��r=U�#��oM�w�(m��M>�n�&QN #��>�F�:"1\Y ��e �8lm�� E��}��Z�U�S�;��Ո2�E#��Ұf�h��A��|z7Y�Y]2%9A�O�2��G_G)�a,��.ݮ��Ka��J�=$O��!�F S,�B�f4��&\��zZ6��6� �^�ӱ7�n��h��SE�5Vx��)x7��%i��Q�ũ�}3}�}��S1��@e�B�M-� ��хR,��-f��I��T} ��^+�Ո�L��k�/5��kYk�)��\��,ݭ��8�a��&��][t<�H��+$��+$ǲ�gT�A��:�I�Z(t!��-�9�=�3V��mZCQ+��Js��E��T�b�y��Sy��~~��7Z��A��-�@��O�$W �/��|N:��?�׎Di��I:4�- �6G��V3KH�2�~ ��w`�XU��e�k��z��4�w��Ó�ScŢ �T׷��Y�jc:�! ��T��/��d��M5i4p!��d�N�!Ľ�M��10��|��ע��L�{�vB\_��3�X[q��<��m�s6�C熷)��mE<s9!��&��1?Z<��c]�e�p�d�2H��-�3�+@��)��U�2��XRm>��g[F��[2�7��%�P�]D��]5��Q?�h__��r�CUR��0?�} ��*��˙m6�c�V�=��L��U-&�:�� `�h��JB�oӯ�->��b�� S�. &i<�j�('rta�(�t]�q� �;8m��x� 'uN��-.��R8ρ=oQ��i�Hj�y�u�& l��d��?��@o�Nl�(��6�H�ܞm��`��-_��-�>��o.OG�<��m�jp]�N鏾X��[�|�|0_�W- �&��0��k8��37}��ޘ=q��2 ��c�' \�%�Q$~�}�sQЦ�a�<��^�G�%�˃!CEU�ay��y��:h�� "h��Lc_��f�)9 !�X>�2AΨy��b@��H{:�<��b��(��Df��}f1n�=V��5��>QBD}U[�5�$��?y��ļ��K��YA;��g`�y$O�Ͻ��[!��Lnw�ۏ�7��T�[S�>�k�9��Z��^˅>S#��wJ]Eі��'�2�B\��(Eb�w��J@rN��:0�]߯}�D�ut�ʕQ�l�t��h�6Q_u��\X��4<�Y�� D^��l?�@�1#�pvk��)u��!�Rq8+�PD��΋�pk�WE�&�5S_��Nj ��>�P�m�"��z21i 3Pӑ��IDv){m��)��Lč�m4kC5:(��wܰ�N��M�$�e�&�U��-��e�� ۉ�)��%מ�M�k�5J��Wm)��!Fr�ދ��M�{��̓�[�Iw�.U�=�{�8]CMʧĉJ��s�S��^PN®_�f�s�xpp��V��)�$<��i4w +;��+��pޅ��Dln�V 9��=Cs�T_�[��g6)wr��%H�N��S��d$��G��{�N9a 4��x7O��^Q{bj��7�r pW%��!�6 ��C�-x.�ƓC��l^�}I�SӒ-|#m��%��\��f�8�;��?0��M� ��RfHT5A:-�_LN��'��B�i�T��p�𾛦�;5�٠�h��"��Q�7�`�}�9��Ey��(�fbe *$��v3"M��z�=��,g��*ˊӃ�2IC�nV�%} �'�G��pj ��ò��'?��@;�8�@M�%_/�Z.�.ݻ�{y��L\�)u@�+ٌW0􉚙-�Z��c<��ם��D��Ud.��-��?ad/9ԆkB��ٟ;� z�v��!P�C��k-��QѡS��`��{jQ��=�~� R3P3>��l�=2r��Q��J7�΁8U� ^��t��q�t�p��r�qT`ү�� S��,"�m�>2؛�ri��,��.��BًQ�%�!I^�5[�ϴ�X0�~2��a�jf��g�@�&��\~l�˙�o��<}c�4� �[��4w�� ! �� -~ϛ�6�'Y\��{�w��Ͳ؎��܄��~��xH(b�*��:p��C�C��җ.&��"Fh.��Hcܯ;��x |�q��N�c�Z��s>��H Di��I��#=E��h�z"�\_��-Y�g��L`�h�t�.c�N$͛��"��}pІ�-��{)�׆��c�ÌMd�y?�S݂��f&��nS?s�Ía�� ؊��i��T�ң��{��U�� ?DJ��?��DI_m��*�8j��g�e��렮P��]��%L��m�'Y��[<q��D��\o�[��o��94ׯ/�C�-n��b?��FA�*a�d�`�Mũ��}{EfBU@�.��Ra��)Q�.�,�ўAlN��%Q��>z�o��L��(�J�=u�@��K��px��H��s��d<�P�k?��Y��a��U��%�Ac��w/ܙ�O��C0�%��9�5%� U��ǳF��|��8�h�P�+�()��{W�R�H�xڦ� ��BPs";&�ϼńE�`e�90��@��G-��wfNX�͞*֞�&��v�4��i#h$�c1#q��b�Uz�e:;�� F��E��#;�h΋� �v�J� �x�9��y⸱.Zz'��z.�f�ۆa� (," �W�� >_��v瘇��ޘ&��u�6X��i7$�A�QA@��jT�GB�`�

Sections

.text
Size: 440KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mmc0
Size: 900KB - Virtual size: 897KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mmc1
Size: 472KB - Virtual size: 469KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mmc2
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 900KB - Virtual size: 897KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 36KB

UPX1 Size: 15KB - Virtual size: 16KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 28KB

UPX1 Size: 6KB - Virtual size: 8KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 8KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 1KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 28KB

UPX1 Size: 4KB - Virtual size: 8KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 8KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 894B

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 356KB

UPX1 Size: 112KB - Virtual size: 112KB

.rsrc Size: 27KB - Virtual size: 28KB

Headers

File Characteristics

Sections

.text Size: 368KB - Virtual size: 366KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 36KB - Virtual size: 32KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 28KB

UPX1 Size: 5KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 8KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

Headers

File Characteristics

Exports

Exports

UPX0
Size: - Virtual size: 36KB

UPX1
Size: 15KB - Virtual size: 16KB

UPX2
Size: 512B - Virtual size: 4KB

UPX0
Size: - Virtual size: 28KB

UPX1
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 28KB

UPX1
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 894B

UPX0
Size: - Virtual size: 356KB

UPX1
Size: 112KB - Virtual size: 112KB

.rsrc
Size: 27KB - Virtual size: 28KB

.text
Size: 368KB - Virtual size: 366KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 36KB - Virtual size: 32KB

UPX0
Size: - Virtual size: 28KB

UPX1
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 28KB

UPX1
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 870B

UPX0
Size: - Virtual size: 28KB

UPX1
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 32KB

UPX1
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 6KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 88KB - Virtual size: 85KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB